Complete Privacy Policy

For Itervitis considers the privacy of its customers of primary importance. This privacy policy defines which data is collected and how it is being used, disclosed, transferred or dismissed by the company.

Identity of Itervitis

If you have questions related to this privacy policy, please contact us using the information listed below.

Our customers can send us requests about the protection of personal data, privacy and security to the CEO of Itervitis, Emanuela Panke, using the address [email protected]

Data collected by Itervitis

If you choose to register to the site, four categories of data will be developed on behalf of the customer:

“Account Data”

When opening an account on our website, executing an order, subscribing to the newsletter or undertaking a survey, there will be the collection of contact data such as email address and name of contact person, company name, address, phone number, VAT number, favourite language and currency, order number, email address of invoice recipient, card numbers or bank account related data.

Setup Data

The company collects the data inserted by the customer after the log in, such as the domain or website names for which the customer wants to implement the Service, besides the configuration of content, appearance and behaviour addressed to the visitors of the website (“Final Users”).

Final Users’ Data

This is the data generated by final Users browsing the site or sites of customers using the Service. When a Final User sends consent from the customer’s site, the following data will be automatically registered by Itervitis:

Final User’s IP address in anonymous form (the last three digits being converted in “0”)

Date and time of consent.

User agent of the final User’s browser.

URL from which the consent has been sent.

A value for the anonymous, random and encrypted key.

The final User’s Consent status, representing the proof of consent.

The key and the consent status are also saved on the final User’s browser through a first-party cookie, called “CookieConsent”, so that the website can read and respect automatically the final User’s consent during later requests of the page and future sessions for a maximum period of 12 months. The key is used as a proof of consent and to verify that the status of consent saved in the final User’s browser is the same as the original sent to Itervitis.

If the function of the Service “Allow consent for all” is allowed as to enable consent for different sites with a single submission by the final User, the Service will also save another unique and random ID with the final User’s consent. If all the following criteria are fulfilled, the key will be stored through encrypted form in a third-party cookie, called “CookieConsentBulkTicket”, on the Final User’s browser:

The customer enables the function “Allow consent for all” in the configuration of the Service;

The final User accepts third-party cookies from the settings of the browser;

The final User has disabled the function “Do Not Track” from the settings of the browser;

When giving consent, the final User accepts all types of cookies, or at least the cookies of “preference”.

“Data generated by the system”

The service automatically creates and saves metadata based on other types of data, such as:

Subscription data, such as start date, date of last invoice, and the result of the compulsory validation of the VAT number. The invoices issued are saved in order to allow their access from the Service management system;

The definitions of cookies found when the Service has scanned the customer’s sites, including the reports showing the results of each scan;

Aggregate statistics about the final User’s consents.

It is possible to send instructions to Itervitis through the configuration and/or perform the relevant functions offered by the Service through its management system. If specific instructions concerning personal data cannot be given through the management system, it is possible to send these instructions to the company by using the helpdesk to the address Sede legale Via Dante Alighieri 5, 34122 Trieste.

Itervitis will inform the customer by e-mail about any variations of the Service, such as the implementation of additional features, if the subscription to the newsletter of Itervitis is made through the account settings pages on the service management system.

For what purposes is the data provided being used?

To personalise the customer’s experience (the data provided helps Itervitis to better fulfil the individual needs of each user);

To allow the User to monitor the final Users’ experience and to allow the Service to automatically apply the final User’s consent to other sites of the customer;

To improve our website (Itervitis is constantly committed to improving the offers reported on our website, based on the data and comments that we receive from the users);

To identify the customer as a contracting party;

To enable the customer’s secure login to the service management system at www.itervitis.eu

To establish a primary communication channel with the customer;

To allow Itervitis to issue invoices with valid VAT and to process the transactions (the customer’s information will not be sent, exchanged, transferred or provided to other companies for any reason without the customer’s authorisation, exception made for the supply of the requested service);

To allow the automated management of subscriptions;

To produce and display the statements concerning cookies for final Users, as well as to save and display the report about the customer’s scan;

To provide aggregated information about the final Users’ choices in relation to the types of cookies enabled and to generate a graphic representation on the service management system;

To periodically send emails: the email address provided for order processing can be used to send information and updates pertaining to the order, as well as occasional company news (if the user consents), updates, related products or services information, etc.The customers can decide anytime not to receive these emails anymore by closing their account just by clicking, once logged in, on « Cancel my account » or « Close my account ».

Legal basis

EU General data protection regulation (GDPR)

The customer’s data processing is based either on the consent provided or the fact that treatment is required to perform a contract in which the customer is a contracting party, or to adopt the necessary measures before the contract is signed upon customer’s request (see article 6(1)(a)-(b) of GDPR).

If the processing is based on the user’s consent, this can be revoked anytime by using the contact data referred to in Article 1.

To access the signing of a contract concerning the purchase of Itervitis it is necessary to provide the requested personal data to the company. If all the data requested is not provided, it will not be possible to offer the Service.

Conformity with the California Online Privacy Protection Act

Considering that Itervitis takes seriously into account the privacy of its customers, all the necessary measures to operate in accordance with the policy about data protection currently in force in California (« California Online Privacy Protection Act ») have been adopted. Therefore, the company will not release any personal data to third parties without the customer’s explicit authorisation, exception made for the cases referred to in previous article 7.

In accordance with the « privacy protection Law » in force in California, all the users of our website are free to modify anytime their own data, by accessing the “Profile” page on their account.

Conformity with Children’s Online Privacy Protection Act (COPPA)

Itervitis complies with the requirements laid down in the Children’s Online Privacy Protection Act (COPPA). We don’t intentionally gather the personal data of children under the age of 13. Our website, and our products and services, are intended for people aged 13 years and over.

Protection of customer’s data

Itervitis implements the following technical, physical, or organisational measures, to protect the customer’s personal data against their accidental loss or manipulation, accidental or unlawful destruction, unauthorised access and disclosure, or any other form of illegal treatment.

Availability

The Service uses the wide functionalities of the Cloud environment to ensure high availability, such as complete redundancy, load balancing, continuous data backup, and georeplication and traffic management to face geographical failovers caused by accidents within the data centre. All the failover mechanisms are totally automated.

No personal data is saved in a permanent way outside of Itervitis. The physical security is managed by the company’s subcontractor (see article 7) Itervitis (cfr. articolo 7). The datacentres of REGISTER-AS, IT meet the industry standards, such as the rule ISO 27001 for physical security and availability, for instance by using 24h security staff, controlling the accesses with two-factors authentication, using biometric readers and cards, barriers, fences, security cameras and other measures.

Integrity

In order to ensure integrity, all data transfers are encrypted by following the best procedures for the protection of data confidentiality and integrity. For instance, all the credit card data provided is transmitted through the SSL (Secure Socket Layer) technology, and encrypted on the database of our payment gateway, only accessible by those who are authorised to access these systems, and subject to a bond of confidentiality about the above mentioned data.

For the data in transit, the Service uses the industry standard transport protocols between the devices and the datacentres of REGISTER-AS, IT and within the datacentres themselves.

Confidentiality

All that is personal is subject to a bond of confidentiality and any subcontractor or subprocessor must sign a confidentiality agreement, if this bond is not integral part of the Contract signed by both parties.

The access to personal data by authorised staff is performed exclusively through an encrypted connection. When the access to a database is realised, the IP address of the person accessing the data must be previously authorised in order to obtain the access.

Any device used to access to personal data is protected by login. If the personal data is being temporarily saved on a device, its storage space will have to use a strong cryptography.

The local devices on which the personal data is temporarily saved are guarded in a lockbox, exception made for when they are not actively being used or they are being relocated under a constant supervision. The personal data is never stored on mobile devices such as USB or DVD.

Transparency

Itervitis will always keep the customer informed about any variation within the privacy protection processes and data security, including procedures and policies. At any time, it is possible to ask for information about where and how the data is saved, used and protected. Itervitis will also provide a recap of the outcome of Service-independent audits.

Isolation

The access to personal data is normally blocked by zero-privilege policies. The access to personal data is limited to individually authorised staff. The official in charge of security and privacy at Itervitis issues authorisations and keeps a register of the authorisations provided. A minimum access, based on the real necessities, is provided to the authorised staff.

Possibility of intervention

Itervitis provides the users with rights of access, rectification, cancellation, blockage and objection, mostly by supplying built-in functionalities for data management inside the service management system, by offering the option of sending instructions to the helpdesk of Itervitis and by informing and offering the customer the possibility to object when Itervitis wants to implement variations about the relevant procedures and policies.

The general responsibility for data security is taken in charge by the responsible for the data protection of Itervitis who trains and keeps all the staff up to date about the data security measures reported in the security manual of and within this privacy Policy

Itervitis Monitoring

Itervitis uses security reports for monitoring the access patterns and to proactively identify and mitigate potential threats. The administrative operations, including the accesses to the system, are documented in order to provide an audit trail in case of unlawful or accidental manipulations.

The performances of the system and the availability are tracked by monitoring services, both internal and external.

Personal data breach notification

In case the customer’s data was compromised, Itervitis will inform the customer himself and the supervisory authorities by email within 72 hours, providing information about the entity of the breach, the concerned data, any possible impact on the Service and the action plan of Itervitis with measures aimed at enhancing data security and limiting the adverse effects on personal data.

With “personal data breach” is intended any security breach leading to an accidental or unlawful destruction, loss, manipulation, access or unauthorised disclosure of the personal data transmitted, archived or otherwise processed in relation to the provision of the Service.

Use of cookies

Does the company disclose any data to third parties?

Itervitis does not sell, commercialise or transfer its customers’ personal data to third parties in any way.

The above does not apply to trustworthy third parties or contractors who provide support in the management of our site and activity or ensure service performances to the user. These trusted entities can access the customer’s personal data anytime when required and they will be contractually obliged to keep them confidential.

Moreover, the company could be forced to disclose the data for the purpose of operating in compliance with the legislation in force in the country of reference, in order to ensure the respect of the terms related to the use of its own site or the protection of the rights, property or security of the company or third parties. Nevertheless, the company could disclose non-personal data to third parties to fulfil marketing or advertising needs, or for other types of uses.

Disclosure required by law

Itervitis will not disclose the customer’s data to law enforcement authorities, unless authorised by the customer or required by law. When the authority asks Itervitis, a legitimate question to access the customer’s data, the company will try to limit the disclosure. Particularly, Itervitis will release only specific data, to the extent provided by law.

If obliged to disclose the data, Itervitis will inform the customer and provide a copy of the request, unless expressly prohibited by law.

Link to third parties

Occasionally, at its own discretion, the company could present or offer third-party products or services on its website. Regarding privacy, the sites of these entities adopt policies which are different and independent from ours. Therefore, the company declines all responsibility concerning the contents and activities of such linked sites. Nevertheless, the company is always committed to protecting the integrity of its website, for this reason we will be glad to receive any comments in relation to such sites.

Where does the company store the data?

No saved data will be subject to backup or transfer and recovery by Itervitis outside of the EU.

Location of personal data

All data is stored in databases and file repositories on the data centres within Itervitis’s cloud vendor, Itervitis, REGISTER-AS, IT. All data will be automatically replicated in real time on secondary hot failover databases and file repositories in the data centres of REGISTER-AS, IT.

The databases are subject to constant backups to allow recovery at all times, within a retention period of 35 days. The backups are archived on data storage spaces in the same geographical location of the database.

Software installation on the customer’s cloud system

No software installation is required in order to use the Service. The service management system, protected by login, is accessible from a normal browser which automatically uses an encrypted https connection for all communication between the browser and Itervitis, server, with the purpose of protecting the data and preventing any interception during the transfers on the web.

Details on Personal Data processing

Personal Data is gathered with the following purposes and by using the listed services:

Contacting the User

Contact form (This Application)

The User, by filling the contact form with his data, agrees with their use to reply to requests of information, quotation or any other nature as indicated on the header of the form. Personal Data: Zip code, surname, date of birth, email, address, country, name, fax number, phone number, VAT number, occupation, district, company name, sex, status and other types of Data, in accordance with what specified in the privacy policy of this service.

Mailing List or Newsletter (This Application)

By subscribing to the mailing list or the newsletter, the User’s email address is automatically integrated in a list of contacts to which email messages containing information, also of promotional and commercial nature related to this App, may be sent. The User’s email address may be also added to this list as a result of the registration to this App or after making a purchase. Personal Data: Zip code, surname, Cookies, usage Data, email, country, name, phone number, occupation, district and status.

Phone Contact (This Application)

The Users who provided their phone number may be contacted for commercial or promotional purposes linked to this App, as well as to satisfy support requests. Personal Data collected: phone number.

Mailgun (Mailgun, Inc.)

SPAM Protection

This kind of service analyses the traffic of this Website, which could potentially contain users’ personal data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

Google reCAPTCHA (Google Inc.)

Google reCAPTCHA is a spam protection service provided by Google Inc. The use of the reCAPTCHA system is subject to the privacy policy and the terms of use of Google. Personal Data collected: Cookies and usage data. Processing Location: USA – Privacy Policy.

Interaction with Live Chat platforms

This kind of service enables the interaction with live chat platforms, managed by third parties directly by the pages of this Website. This allows the User to contact the support service of this Website or this Website to contact the User while s/he is browsing its pages. If a service allowing interaction with the live chat platforms is installed, this may still collect traffic Data about the pages in which it is installed, even when the Users are not using the service. Furthermore, the live chat conversations may be registered.

LiveChat (LiveChat, Inc.)

LiveChat is an offline customer support software with online support, help desk software and web data analytics functionalities. Personal Data collected: Cookies, usage Data and different types of Data in accordance with what specified in the privacy policy of the service. Processing Location: USA – Privacy Policy

Interaction with data collection platforms and other third parties

This type of service enables the Users to interact with data collection platforms or other services directly from the pages of this Website, with the purpose of saving and reusing data. If one of these services is installed, it may still collect traffic Data about the pages in which it is installed, even when the Users are not using the service.

MailChimp widget (The Rocket Science Group, LLC.)

The MailChimp widget enables the interaction with the email addresses management and the sending of messages. MailChimp is provided by The Rocket Science Group LLC. Personal Data collected: name, surname and email. Processing Location: USA – Privacy Policy

Analytics

The services contained in this section allow the Processing Company to monitor and analyse traffic data and they are used to track the User’s behaviour.

Google Analytics with anonymous IP (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses Personal Data collected with the purpose of tracking and examining the use of this Website, filling out reports and sharing them with the other services developed by Google. Google may use Personal Data to contextualise and personalise its own advertising network’s ads. This integration of Google Analytics makes your IP address anonymous. In case of anonymous IP activation on this website, however, Google will shorten your IP address within the states which are members of the European Union or in other countries that are parties to the European Economic Area agreement. Just in exceptional occasions, the IP address will be sent to Google servers and shortened inside the United States. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy – Opt Out

Google Tag Manager (Google Inc.)

Yandex Metrica (YANDEX, LLC)

Yandex Metrica is a web analysis service and heat mapping provided by YANDEX, LLC. Yandex Metrica can be used to identify over which areas of a page the cursor hovers or a mouse clicks, in order to detect which of them raise the biggest interest. Personal Data collected: Cookies and usage Data. Processing Location: Russia – Privacy Policy – Opt Out

Google AdWords (Google Inc.) conversion tracking

The conversion tracking of Google AdWords is a web analysis service provided by Google Inc. that links the data coming from the ad network of Google AdWords with the actions performed inside this Website. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Facebook Ads (Facebook, Inc.) conversion tracking

The conversion tracking of Facebook Ads is a web analysis service provided by Facebook, Inc. that links the data coming from the ad network of Facebook with the actions performed inside this App. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Display Advertisers Extension for Google Analytics (Google Inc.)

Google Analytics may use on this App interest-based Google ads, data about the audience of third parties and information coming from DoubleClick Cookie to extend the statistics with demographics, interests and data about the interactions with ads. Personal data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy –Opt Out

Segment (Segment.io Inc.)

AdEspresso (Creative Web Srl) conversion tracking

The conversion tracking of AdEspresso is a web analysis service provided by Creative Web Srl that links the data coming from the ad network of Facebook with the actions performed inside this App. Personal data collected: Cookies and usage Data. Processing location: Italy – Privacy Policy

Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)

Hotjar is a web analysis service provided by Hotjar Ltd. Hotjar honours generic « Do Not Track » headers. This means the browser can tell its script not to collect any of the User’s data. This setting is available in all major browsers. Personal data collected: Cookies and usage Data. Processing Location: Malta – Privacy Policy – Opt Out

Remarketing and behavioural targeting

This type of service allows this App and its partners to inform, optimise and serve advertising based on the User’s past use of the App. This activity is performed by tracking usage Data and using Cookies, information transferred to the partners linked to the remarketing and behavioural targeting activity. In addition to the possibility of making the opt-out offered by the services stated below, the User can decide to be excluded from the reception of third-party related cookies, by visiting the opt-out page of the Network Advertising Initiative.

AdWords Remarketing (Google Inc.)

AdWords Remarketing is a remarketing and behavioural targeting service provided by Google Inc. that links the activity of this App with the ad network of Google AdWords and DoubleClick Cookie. Personal data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy – Opt Out

Google Analytics for display advertising is a service of remarketing and behavioural targeting provided by Google Inc. that links the tracking activity performed by Google Analytics and its Cookies with the advertising network of Google AdWords and DoubleClick Cookie. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy – Opt Out

DoubleClick for Publishers Audience Extension (Google Inc.)

DoubleClick for Publishers Audience Extension is a service of remarketing and behavioural targeting provided by Google Inc. that tracks the visitors of this App and allow selected ad partners to show them custom ads within the web. Personal data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy – Opt Out

Heat mapping and Session logs

The services of Heat Mapping are used to identify over which areas of a page the cursor hovers or a mouse clicks, in order to detect which of them raise the biggest interest. These services allow to monitor and analyse traffic data and are used to track the User’s behaviour.

Hotjar Heat Maps Recordings (Hotjar Ltd.)

Hotjar is a service of heat mapping and session logs provided by Hotjar Ltd. Hotjar honours generic « Do Not Track » headers. This means the browser can tell its script not to collect any of the User’s data. This setting is available in all major browsers. Personal Data collected: Cookies, Usage Data and different types of Data in accordance with what specified in the service privacy policy. Processing Location: Malta – Privacy Policy – Opt Out

Interaction with social networks and external platforms

This type of service allows to perform interactions with social networks or other external platforms directly through the pages of this Website. The interactions and the information acquired by this Website are subject in any case to the User’s privacy settings related to each social network. If a service allowing interaction with the social networks is installed, it may still collect traffic Data about the pages in which it is installed, even when the Users are not using the service.

AddThis (AddThis Inc.)

AddThis is a service provided by Clearspring Technologies Inc. displaying a widget that allows the interaction with external social networks and platforms and the sharing of contents of this Application. Depending on the configuration, this service can display widgets belonging to third parties, such as the providers of the social networks where the interactions are shared. In this case, also the third parties providing the widget will become aware of the interaction and the usage Data related to the pages in which this service is installed. Personal Data collected: Cookies and usage Data. Processing Location: USA – – Privacy Policy

Google Friend Connect (Google Inc.)

ShareThis (Sharethis Inc.)

ShareThis is a service provided by ShareThis Inc. displaying a widget that allows the interaction with external social networks and platforms and the sharing of contents of this Application. Depending on the configuration, this service can display widgets belonging to third parties, such as the providers of the social networks where the interactions are shared. In this case, also the third parties providing the widget will become aware of the interaction and the usage Data related to the pages in which this service is installed. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Displaying of contents on external platforms

This kind of service allows to display contents hosted on external platforms directly through the pages of this Website and to interact with them. If such a service is installed, this may still collect traffic Data about the pages in which it is installed, even when the Users are not using the service.

TripAdvisor widget (TripAdvisor LLC)

TripAdvisor widget is a service of content displaying managed by TripAdvisor LLC allowing this Website to integrate contents from this external platform within its own pages. Personal data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

YouTube Video Widget (Google Inc.)

YouTube is a service of content displaying managed by Google Inc. allowing this Website to integrate these contents within its pages. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Google Maps Widget (Google Inc.)

Google Maps is a service of content displaying managed by Google Inc. allowing this Website to integrate these contents within its pages. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Advertisement

This kind of service allows the usage of User’s Data for commercial communication purposes through banners and other advertisement forms, possibly related to the User’s interests. This does not mean that all Personal Data will be used for this purpose. Information and terms of use are reported as follows. Some of the services listed below could use Cookies to identify the User or employ the behavioural retargeting technique, displaying personalised ads based on the interests and behaviour of the User, detected also outside of this App. In order to have more information about this, we suggest you to refer to the privacy policies of the respective services.

Google AdSense (Google)

Google AdSense is an advertising service provided by Google Inc. This service uses “DoubleClick” Cookie, which tracks the usage of this App and the User’s behaviour in relation to the ads, products and offered services. The User can choose anytime not to use the DoubleClick Cookie, providing for its deactivation: google.com/settings/ads/onweb/optout. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy – Opt Out

Tradedoubler (Tradedoubler)

TradeDoubler is an advertising service provided by TradeDoubler AG. To get more information about TradeDoubler cookies and how to block them: TradeDoubler’s targeting technologies. Personal Data collected: Cookies and usage Data. Processing Location: Sweden – Privacy Policy – Opt Out

RSS feeds Management

This type of service allows the management of RSS feeds and the distribution of their contents. Depending on the features of the service in use, these services may also be used to include ads within the contents and to collect statistical data about them.

Feedburner (Google)

Feedburner is a service of RSS feeds management provided by Google Inc. allowing to collect statistics about the consultation of contents and to integrate ads within them. Personal data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Content Commenting

Commenting services allow users to submit and publish their own comments about the contents of this App. Depending on the settings chosen by the owner, Users may also leave a comment anonymously. Should the personal data given by users include an email, this may be used to send comment notifications on the same contents. Users are responsible for the content of their own comments. If a commenting service provided by third parties is installed, this may still collect traffic Data about the pages in which it is installed, even when the Users are not using the service.

Facebook Comments (Facebook, Inc.)

Facebook Comments is a service provided by Facebook, Inc. allowing Users to leave their own comments and share them within the Facebook platform. Personal Data collected: Cookies and usage Data. Processing Location: USA – Privacy Policy

Hosting and backend infrastructure

This kind of service has the function of hosting Data and files allowing the functioning of this Website and its distribution, providing a ready-to-use infrastructure that supplies specific features of this Website. Some of these services operate through servers which are physically located in different countries, making the exact location in which the Personal Data is stored very difficult to determine.

Register Spa

REGISTER is a hosting and backend service provided by Register Spa. Personal Data collected: different types of Data in accordance with what specified in the privacy policy of the service. Processing Location: ITA – Privacy Policy.

Cookie Policy

This Website uses Cookies. If you want to know more and get a detailed policy, you can refer to our Cookie Policy.

Access assistance, data portability, migration and transfer

You can always ask Itervitis for a confirmation about the processing of your own personal data. You can ask any time for a complete copy of the data, which can then be transmitted to another controller of data processing. The data will be sent by Itervitis within 10 working days in the form of a Microsoft Excel spreadsheet. The logical relations between the different sets of data will be preserved by unique identifiers. Once each copy of data is delivered, a payment of €1000+applicable taxes will be requested.

Request of rectification, limitation or cancellation of personal data

Rectification

It is possible to obtain anytime, without undue delay, the rectification of inaccurate personal data concerning the customer (see article 5.6).

Limitation to the elaboration of personal data

The customer can request anytime that Itervitis limits the elaboration of personal data in one of the following cases:

if the accuracy of personal data is questioned, in a lapse of time that would allow Itervitis to verify their correctness;

if the elaboration is not legal and the customer objects to the elimination of personal data, requesting instead a limitation in their use;

if Itervitis needs no more the personal data with the purpose of processing, but this is requested by the customer for establishing, exercising or defending legal demands.

Cancellation

The customer could request, without undue delay, the cancellation of his own personal data, and Itervitis will provide for its removal, without undue delay, upon the occurrence of one of these conditions:

if the personal data is no more necessary for the purpose for which it was collected or otherwise processed;

if the consent upon which the processing is based is withdrawn, and if no more legal obligations for the processing are fulfilled;

if the customer objects to the processing, in case the elaboration is linked to direct marketing purposes;

if the personal data is illegally processed;

if the personal data must be cancelled in compliance with European or National legal obligations.

Data Retention

Policy on Data Retention

For tax purposes, the account data will be retained up to five full fiscal years after the closure of the Service by the customer. The configuration data and the data generated by the system will be immediately deleted if the customer withdraws from the Service. The final Users’ data will be deleted on an ongoing basis after 12 months after registration or immediately, if the customer withdraws from the Service.

Data retention for legal purposes

It is not allowed to ask Itervitis to modify any default retention period, made exception for the cases referred to in article 11.3 about cancellation, but it is possible to suggest variations in accordance with the laws and industry specific regulations.

Data restitution and/or cancellation

None of the data, excluding the account data, will be retained after the end of the contractual relationship. It is possible to ask for a copy of the data before withdrawing. The customer does not have to close the Service-related account before a copy is provided as, in so doing, it would be impossible for Itervitis to provide a copy of the data.

Responsibility

Itervitis uses a wide range of built-in functionalities of registration and audit trail provided by REGISTER-AS, IT. Itervitis to provide a copy of the data. also registers all system updates, configuration changes and accesses in order to provide an audit trail in case of unlawful or accidental alterations. It is possible to request an audit for data protection performed by an independent third party, accepted also by Itervitis. The cost is €5000 + applicable taxes for an audit request, besides €200 hourly rate for the time spent by Itervitis in relation to the audit, and other possible costs linked to it, including the auditor’s cost.

Collaboration

Itervitis will collaborate with the customer in order to assure the conformity of the applicable dispositions in terms of data protection, for instance to allow the customer to exercise the rights of the entities (right of access, rectification, cancellation, blockage, opposition) and to manage accidents, such as the legal analysis in case of security breach.

User’s Consent

By using our site, the user declares to accept the terms contained in this privacy policy.

Amendments to the privacy policy

In case we decided to make amendments to the contents of our privacy policy, we will provide for the updating of the contents of this page and/or the modification date of the corresponding document. The last amendment of this policy has been approved on May 24, 2018.

Complaints

The customer can make a complaint before a supervisory authority about personal data collection and processing by Itervitis. In Italia it is possible to lodge a complaint to the italiana company for the protection of personal data.This privacy policy exclusively concerns this Website.

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Cookies strictement nécessaires

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.